Re: Call for Consensus (CfC) on Adoption of the Insertable Streams API specification

Following up on the call...

This seems like a technology which has some interesting uses but I'm
generally not incredibly enthusiastic about it as a solution
for the E2E problem. Specifically:

- Generally, I don't think that having the key management in JS
  is amazing, as it requires some mechanism for getting trust in
  the JS, which we don't really have now.

- Even if we stipulate that the key management in JS makes sense,
  a generic mechanism that just outsources the encryption to JS
  seems to have a number of problems.

  - It breaks isolated streams and in general makes it very
    hard to have any information flow control guarantees

  - It encourages non-standard encryption which we know is tricky.

  - Doing any crypto in JS is inherently not ideal

Ultimately I think what we want here is:

- Built-in Transformers for encrypting data (e.g., a standardized
  version of SFrame or whatever ends up being the right answer)
  and that demonstrably keep the data isolated. These seem within
  the remit of this WG.

- To actually solve the key management problem. This seems less
  clear where to do it and I think there's some uncertainty about
  the right technical starting point, though MLS seems likely.

Where I think we got to on the call is that we could adopt Insertable
streams as a mechanism and indicate that as far as E2E goes, it was
useful as a mechanism for experimenting with E2E but that we would
expect to "pave the cowpaths" and define a built-in Transformer (or
transformers) for encryption and that people should use
those. Separately, I would hope we could figure out how to spin
up an effort to work on E2E keying.

I have the action item to provide a PR. Expect that soon.


On Thu, May 28, 2020 at 9:02 AM Bernard Aboba <>

> This is a Call for Consensus (CfC) to adopt "WebRTC Insertable Media Using
> Streams" as a WEBRTC WG deliverable.
> Note that adoption as a WEBRTC WG deliverable implies only that the
> specification is suitable as a starting point.
> The specification is located here:
> The Github repo is here:
> The WebRTC-NV use cases document is available here:
> The CfC will last for one week, and will end on Friday, June 5, 2020 at
> 16:00 UTC.
> In response, please state one of the following:
>    - I support publishing the Insertable Streams API draft as WEBRTC WG
>    deliverable.
>    - I object to adopting the current Insertable Streams API draft as a
>    WEBRTC WG work item, due to issues filed in open bug <#number>.
> Note that time has been reserved at the June 4, 2020 virtual interim (see
> previous message) for discussion of the Insertable Streams API.
> Bernard, for the Chairs

Received on Friday, 5 June 2020 13:53:56 UTC